OS X Permissions

Discussion in 'macOS' started by cblackburn, Feb 20, 2006.

  1. cblackburn macrumors regular

    Joined:
    Jul 5, 2005
    Location:
    London, UK
    #1
    Hey all,

    I have an external hard drive (mounted as /Volumes/Icybox) and I would like to share some of the contents with other people. This is what I have done

    1. Set myself as the owner of all the files recursively in the hard drive.

    2. Set the unix file permissions to 744 so that I have complete access and other people have read only access.

    3. Set up a limited user (fileshare) who can log in over FTP whose home directory is /Volumes/Icybox.

    However when the user logs in over FTP all the files are suddenly owned by fileshare, and hence the remote user has complete access. Why do the files reflect the owner to be whoever is logged in rather than the correct file permissions?

    Regards

    Chris
     
  2. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #2
    You should look into using "chroot" to protect your directories.
     
  3. cblackburn thread starter macrumors regular

    Joined:
    Jul 5, 2005
    Location:
    London, UK
    #3
    Que? How would that help in the above situation. I thought chroot just locked you into a certain directory?

    Chris
     
  4. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #4
    Yes.. what I gathered from your post was anyone who connected has permissions to travel anywhere, that's not the case?

    If not, then this might help you: http://www.ldml.com/services/support/macosx/ftpUserCreate.html

    perhaps if you replaced the built-in FTP server with something a little more "robust" and modern, your Permissions issues would be moot. Of coruse, I don't know which version of OS X you're running, nor which FTP server.
     
  5. cblackburn thread starter macrumors regular

    Joined:
    Jul 5, 2005
    Location:
    London, UK
    #5
    I am using the standard FTP server on OS X.4.4. The problem is that the permissions of files inside a directory are not constant depending on who logs in. If Chris logs in then the files are owned by Chris. If fileshare logs in then the files are owned by fileshare, and so on. This effectively makes permissions redundant.

    Chris
     
  6. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #6
    Is perhaps "Ignore Permissions on this volume" checked in the Get Info window (permissions section)?

    AFAIK, an external drive (besides the above choice) should act as an any other volume. I just tested what you are seeing by creating 2 test users on a 10.4.4 box and turning on the FTP server. Via the terminal for testa, I touched 5 test files, test1 - test5. By default, the permissions were set as 644. Not sure why you're making the files executable, they don't need to be to be downloaded. But just to be the same, I changed the permissions to be 744 on all the test files. I logged in as a second test user via the FTP server and changed directories to the test user's home dir, and all the test files were owned by the testa user.

    So I'm not seeing what you're seeing.

    Code:
        Welcome to Darwin!
    230 User testb logged in.
    Remote system type is UNIX.
    Using binary mode to transfer files.
    ftp> cd /Users/testa
    250 CWD command successful.
    ftp> ls
    229 Entering Extended Passive Mode (|||56864|)
    150 Opening ASCII mode data connection for '/bin/ls'.
    total 1
    -rw-r--r--   1 testa  testa    3 Feb 20 16:10 .CFUserTextEncoding
    drwx------   3 testa  testa  102 Feb 20 16:10 Desktop
    drwx------   3 testa  testa  102 Feb 20 16:10 Documents
    drwx------  17 testa  testa  578 Feb 20 16:10 Library
    drwx------   3 testa  testa  102 Feb 20 16:10 Movies
    drwx------   3 testa  testa  102 Feb 20 16:10 Music
    drwx------   4 testa  testa  136 Feb 20 16:10 Pictures
    drwxr-xr-x   4 testa  testa  136 Feb 20 16:10 Public
    drwxr-xr-x   5 testa  testa  170 Feb 20 16:10 Sites
    -rwxr--r--   1 testa  testa    0 Feb 20 16:14 test1
    -rwxr--r--   1 testa  testa    0 Feb 20 16:14 test2
    -rwxr--r--   1 testa  testa    0 Feb 20 16:14 test3
    -rwxr--r--   1 testa  testa    0 Feb 20 16:14 test4
    -rwxr--r--   1 testa  testa    0 Feb 20 16:14 test5
    226 Transfer complete.
    
    So... all I can think of is that "Ignore Permissions on this volume" is checked.
     
  7. cblackburn thread starter macrumors regular

    Joined:
    Jul 5, 2005
    Location:
    London, UK
    #7
    hummmm, I do not have that as an option when I Get Info on either the External or Internal Hard drives. Both are formatted as MacOS Extended (Journaled). I am logged in as a system administrator.

    any ideas on where this option has gone?

    Regards

    Chris
     
  8. yellow Moderator emeritus

    yellow

    Joined:
    Oct 21, 2003
    Location:
    Portland, OR
    #8
    It has to be there..

    Under Ownership & Permissions. It's a checkbox, (changed to) "Ignore ownership on this volume" in Tiger.
     
  9. cblackburn thread starter macrumors regular

    Joined:
    Jul 5, 2005
    Location:
    London, UK
    #9
    Here is a screenshot of the get info box:-

    [​IMG]
     

    Attached Files:

  10. mrichmon macrumors 6502a

    Joined:
    Jun 17, 2003
    #10
    By default OS X mounts external drives only when a user logs in at the console. These external drives are mounted such that the logged in user owns the files on the volume. In effect this means that the permissions stored on the external drive are ignored.

    If you want OS X to honor the permissions on the external drive then you need to set up the mount options for the external drive using an entry in /etc/fstab.
     

Share This Page